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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
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1 )^| Responsive to communication(s) filed on 20 September 2007 . 
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3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^3 Claim(s) 1-60 is/are pending in the application. 
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5) D Claim(s) is/are allowed. 

6) |EI Claim(s) 9, 32-38 is/are rejected. 
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8) D Claim(s) are subject to restriction and/or election requirement. 
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DETAILED ACTION 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 9 and 32-38 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Harada (U.S. 2007/0124471) in view of Smith (U.S. 6,529,956). 

As per claim 9, Harada teaches a method comprising the steps of receiving a signal at a 
web server requesting a web page document from a WAD (Figure 5, Abstract); retrieving data 
for the web page document including a URL of one or more resources referenced in the web 
page document (paragraph 0029, 0036); retrieving resource access right data for the URL (0036, 
0040-0041); generating hash and/or encrypted data to generate secure access right data (0036, 
0040-0041); generating the web page document including a secure URL that can be used to 
generate a request for the one or more resources (Figure 5, 0036, 0040-0041); transmitting the 
web page document including the secure URL to the WAD (0040-0041); and wherein the steps 
are performed at the web server in response to the received signal from the WAD (0040-0041). 
Though suggested, Harada does not specifically teach that the received signal includes an IP 
address of the WAD, that the retrieval of the access right data uses the IP address of the WAD 
and/or a user name and password combination established through a login, and that a secure 
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URL is generated through the specific use of the WAD IP address or the login procedure. Smith 
teaches that the received signal includes an IP address of the WAD (column 11, lines 62-65; 
column 13, lines 60-65; column 15, lines 57-62; column 16, lines 15-25); retrieving resource 
access right data using the IP address of the WAD and/or user name and password established 
through a login procedure (column 11, lines 62-65; column 13, lines 60-65; column 15, lines 57- 
62; column 16, lines 15-25); and combining the secure resource access right data with the 
respective URL to generate a secure URL (2; 25-40, 11; 39-54, 17; 20-27). It would have been 
obvious to one of ordinary skill in the art at the time of the invention to include the specific 
embodiment of retrieving access right data using a received IP address or login procedure, and 
creating a secure URL through this data, as taught by Smith, into the user-specific secure web 
data access system of Harada. The motivation for doing so lies in the fact that using a secure 
URL (as defined by Smith) would enable further security and user-specificity, which would 
render the Harada invention more efficient and safe. Further, the concept of secure URLs in a 
web-accessing system is very well known in the art, and therefore this procedure of creating 
secure URLs would have been obvious to one of ordinary skill in the art. Both inventions are 
from the same field of endeavor, namely the efficient retrieval of data from a web server. 

As per claim 32, Harada-Smith teaches a method comprising the steps of: receiving a 
signal at web server requesting access to a resource, the request signal including a URL, secured 
resource access right data, and an IP address of a WAD requesting access to the resource, and 
hash data, wherein the request signal was generated from a web page document requested by the 
WAD that was generated by the web server and contains a secure URL combining hash data, 
URL, and secured resource access right data (Harada: Figure 5, 0036, 0040-0041; Smith: 2; 25- 
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40, 11; 39-54, 17; 20-27); verifying whether key data is valid based on data corresponding to the 
key data in a secure content key database (Smith: 13; 60-65); if the key data is verified as valid 
in step (b), generating hash data based on at least the IP address, URL, and the key data (Smith: 
15; 57-62, 16; 15-25); verifying that the hash data generated in step (c) matches the hash data 
included in the request signal received in the step (a) (Smith: 15; 30-40); and wherein the steps 
are performed at the web server in response to the received signal from the WAD (Harada: 
Figure 5, 0036, 0040-0041). 

As per claim 33, Harada-Smith teaches the method as claimed in claim 32, further 
comprising the steps of: terminating the request signal if the verifying of the step (d) indicates 
that the hash data generated in the step (c) does not match the hash data included in the request 
signal received in the step (a) (Smith: 13; 60-65). 

As per claim 34, Harada-Smith teaches the method as claimed in claim 33, further 
comprising the steps of: determining whether access to a resource is to be provided to a device 
identified by the IP address, based on the resource access right data included in the request signal 
(Smith: 15; 57-62, 16; 15-25); and providing access to the resource to a device identified by the 
IP address if the determining of the step (f) indicates that access to the resource is to be provided 
(Smith: 15; 57-62, 16; 15-25). 

As per claim 35, Harada-Smith teaches the method as claimed in claim 34, further 
comprising the steps of: retrieving resource access right data from a database, the determining of 
step (f) based further on whether the IP address of the request signal is authorized to access the 
resource indicated by the URL of the request signal, based on the retrieved resource access right 
data (Smith: 13; 60-65). 
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As per claim 36, Harada-Smith teaches the method as claimed in claim 32, wherein the 
request signal received in step (a) includes key index data, the method further comprising the 
step of: retrieving the key data from the secure content key database using key index data 
(Smith: 13; 32-46). 

As per claims 37 and 38, Harada-Smith teaches the method as claimed in claim 32, but 
does not specifically teach time-to-live considerations in dealing with the validity of key data. 
Official notice is taken that the consideration of time-based data in creating and using keys is 
well known in the art of key generation and manipulation (Please see paragraph 373 of U.S. 
2004/0170176, as an example). It would have been obvious to one of ordinary skill in the art at 
the time of the invention to include time-to-live considerations in the system of Smith-Harada, to 
allow for situations where sessions may be timed out, so that security is maintained. 

Response to Arguments 

Applicant's arguments filed on September 20, 2007 have fully been considered, and are 
respectfully traversed by the new grounds of rejection. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tanim Hossain whose telephone number is 571/272-3881. The 
examiner can normally be reached on 8:30 am - 5 pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jason Cardone can be reached on 571/272-3933. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Tanim Hossain 
Patent Examiner 
Art Unit 2145 
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Supervisory Patent Examiner, 
Art Unit 2145 



